A safety risk assessment shall be performed by the operator taking into account all the elements that contribute to the risk of the particular operation. For this purpose, the operator shall:
— provide to the competent NAA all the information required for a preliminary applicability check of the category of operation;
— provide to the competent authority a safety risk assessment covering both the drone and the operation, identifying all the risks related to the specific operation, and proposing adequate risk-mitigation measures.
— compile an appropriate Operations Manual containing all the required information, descriptions, conditions and limitations for the operation, including training and qualification for personnel, maintenance of the drone and its systems, as well as occurrence reporting and oversight of suppliers.

4.5 C2 LINK
4.5.4 The C2 link capability, at the current state of the technology, may not be able to provide the reliability and
integrity levels required for safe flight from take-off through landing under all operating conditions. Design constraints or
operational mitigations may therefore be needed to ensure an acceptable level of safety performance for all functions
implemented over the C2 link. The RPA design approval holder must demonstrate that safety critical functions
implemented over the C2 link meet an acceptable level of safety performance.
4.5.5 Other important aspects related to the C2 link and airworthiness include the security of the C2 link against
hacking, spoofing and other forms of interference or malicious hijack, as well as unintentional interference. Mitigations
must be implemented to prevent the C2 link from connecting the RPS to an unintended RPA or vice versa. Information
on these issues is contained in sections 9.11, 11.4 and 11.5.

9.11 SECURITY REQUIREMENTS
9.11.6 The C2 link provides functions as vital as traditional wiring, control cables and other essential systems.
These links may utilize diverse hardware and software that may be provided and managed by third parties. Safety and
security of these links and services are equally important as those for the RPA and RPS. They must be free from
hacking, spoofing and other forms of interference or malicious hijack. Doc 9985 may provide general reference material
when addressing the unique nature of the C2 link.

Non-malicious/unintended interference
11.5.1 The data link(s) should be robust enough to survive the modest levels of interference that will be present
from time to time.
11.5.2 Due to the risk of interference of the C2 link, it is recommended that there be a means to test or confirm
that no harmful RF interference is present prior to and during flight; this requirement also applies to VLOS operations.Security threats/malicious interference
11.5.3 The requirements for protection against malicious interference of the data link need to be harmonized
based on an assessment by the competent authority.
11.5.4 The protection of the C2 link by encryption using security keys incurs a logistical overhead that requires
careful management.